Information Privacy Law
Professor Ira Rubinstein
April 6, 2016
Article: Rhys Dipshan, “Short Circuits: 3 Areas Where Tech Law Is Falling Behind”, Legaltech News, February 27, 2017
Established technology-related laws are outdated and may become anachronistic burdens to those organizations they’re enacted to regulate. The article notes three areas where companies face the most challenges with outdated laws.
- Prosecuting Cyberespionage
Legal resources for fighting cybercrime are often limited to geopolitical jurisdictions, as restitution is a standard penalty that is a part of the federal criminal justice system. When perpetrators of cyberattacks are outside the U.S., or are nation-states themselves, restitution can be difficult to obtain in dealing with foreign actors in countries like China that lack extradition treaties with the United States.
Companies have had turn to novel means to go after foreign cyberattackers. For example, in 2016, U.S. Steel successfully petitioned the United States International Trade Commission (ITC) to take up its case against Chinese steel manufacturers that allegedly stole and profited from U.S. Steel’s intellectual property. U.S. Steel relied on Section 337 of the Tariff Act of 1930 but faced headwinds in court. Defendant, represented by Covington & Burling, argued that the ITC pleading standard is on the same level as those in district courts. U.S. Steel announced it had pulled the case from the ITC in February, noted that decades-old Section 337 law never contemplated the technological advancements over the past 50 years and needed to be reformed.
- Disclosing Government Data Access
Microsoft recently argues that SCA increasingly places a significant burden on modern technology companies that store growing volumes of their customers’ personal data.
In a case filed April 2016, Microsoft argues that both §2703 and §2705 of the SCA are unconstitutional under First and Fourth amendment grounds, as they restrict companies’ right to talk to its customers and constitute unreasonable searches.
The district court denied a motion to dismiss the case in February 2017, explaining that the First Amendment rights of Microsoft’s customers may outweigh the need for government secrecy in an investigation of a customer. The court dismissed the Fourth Amendment claim for that Fourth Amendment rights cannot be defended by anyone other than the person whose rights were infringed. However, the court did add that the government’s indefinite withholding of disclosures means that “some customers may never know that the government has obtained information in which those customers have a reasonable expectation of privacy.”
- Fighting Search Warrants for Overseas Cloud Data
It is not entirely clear what rights §2703 of SCA gives authorities to access data that is stored on overseas “cloud” servers. For example, in February 2017, Google lost its attempt to quash SCA search warrants for data it held outside the United States, while only months earlier, it successfully quashed a similar SCA warrant for its customer’s data as well. Though both rulings agreed that the SCA search warrants do not apply beyond U.S. borders, the latter reasoned that because the company moved data around regardless of a user knowing, the actual search and seizure would take place on U.S. soil.
Craig Newman, partner at Patterson Belknap Webb & Tyler, noted that the judiciary may be ill-equipped to handle how to interpret data’s location and jurisdiction given that the SCA is over 30 years old.